Kaspersky Threats

Detect date

?

03/14/2017

Severity

?

Critical

Description

Multiple serious vulnerabilities have been found in Microsoft Windows kernel. Malicious users can exploit these vulnerabilities to gain privileges.

Below is a complete list of vulnerabilities:

An improper check of a buffer length (prior to copying memory to the buffer) can be exploited remotely to gain privileges;
An incorrect permission enforcement done by Windows Kernel API can be exploited remotely via a specially designed application to gain privileges;
An improper handling of objects in memory in Windows Transaction Manager can be exploited remotely via a specially designed application to gain privileges;
An improper handling of registry objects in memory in Windows Kernel API can be exploited remotely via a specially designed application to gain privileges.

Technical details

Vulnerability (1) can be exploited only is malicious user has an access to the target system and have proper permissions to copy a file to a shared drive or folder.

Affected products

Windows Vista Service Pack 2
Windows 7 Service Pack 1
Windows 8.1
Windows RT
Windows 10
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

MS17-017
CVE-2017-0102
CVE-2017-0103
CVE-2017-0101
CVE-2017-0050

Impacts

?

PE

[?]

Detect date ?	03/14/2017
Severity ?	Critical
Description	Multiple serious vulnerabilities have been found in Microsoft Windows kernel. Malicious users can exploit these vulnerabilities to gain privileges. Below is a complete list of vulnerabilities: An improper check of a buffer length (prior to copying memory to the buffer) can be exploited remotely to gain privileges; An incorrect permission enforcement done by Windows Kernel API can be exploited remotely via a specially designed application to gain privileges; An improper handling of objects in memory in Windows Transaction Manager can be exploited remotely via a specially designed application to gain privileges; An improper handling of registry objects in memory in Windows Kernel API can be exploited remotely via a specially designed application to gain privileges. Technical details Vulnerability (1) can be exploited only is malicious user has an access to the target system and have proper permissions to copy a file to a shared drive or folder.
Affected products	Windows Vista Service Pack 2 Windows 7 Service Pack 1 Windows 8.1 Windows RT Windows 10 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2
Solution	Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories	MS17-017 CVE-2017-0102 CVE-2017-0103 CVE-2017-0101 CVE-2017-0050
Impacts ?	PE [?]
Related products	Microsoft Windows Vista Microsoft Windows Server 2012 Microsoft Windows 7 Microsoft Windows Server 2008 Windows RT Microsoft Windows 10
CVE-IDS ?	CVE-2017-01024.6Warning CVE-2017-01034.4Warning CVE-2017-01016.8High CVE-2017-00507.2High
Microsoft official advisories	Microsoft Security Update Guide
KB list	4012217 4012215 4012216 4012606 4013198 4013429 4012212 4012214 4012213 4011981 4013081
Exploitation	The following public exploits exists for this vulnerability: https://www.exploit-db.com/exploits/41645 https://www.exploit-db.com/exploits/44479 Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
	Find out the statistics of the vulnerabilities spreading in your region

KLA10984Privilege escalation vulnerabilities in Windows kernel

KLA10984
Privilege escalation vulnerabilities in Windows kernel